Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Security --- 1 Steve Ko Computer Sciences and Engineering University at Buffalo.

Published byGary Cunningham Modified over 9 years ago

Similar presentations

Presentation on theme: "CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Security --- 1 Steve Ko Computer Sciences and Engineering University at Buffalo."— Presentation transcript:

1 CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Security --- 1 Steve Ko Computer Sciences and Engineering University at Buffalo

2 CSE 486/586, Spring 2012 Recap BFT –f faulty nodes  3f + 1 total nodes PBFT –Primary-backup state machine replication –Total ordering of requests –Handling primary failures PBFT Clients –Waits for f + 1 replies with the same result PBFT Replicas –Pre-prepare –Prepare –Commit –View change 2

3 CSE 486/586, Spring 2012 Security Threats Leakage: An unauthorized party gains access to a service or data. Attacker obtains knowledge of a withdrawal or account balance Tampering: Unauthorized change of data, tampering with a service Attacker changes the variable holding your personal checking $$ total Vandalism: Interference with proper operation, without gain to the attacker Attacker does not allow any transactions to your account 3

4 CSE 486/586, Spring 2012 Security Properties Confidentiality: Concealment of information or resources Authenticity: Identification and assurance of origin of info Integrity: Trustworthiness of data or resources in terms of preventing improper and unauthorized changes Availability: Ability to use desired info or resource Non-repudiation: Offer of evidence that a party indeed is sender or a receiver of certain information Access control: Facilities to determine and enforce who is allowed access to what resources (host, software, network, …) 4

5 CSE 486/586, Spring 2012 Attack on Confidentiality Eavesdropping –Unauthorized access to information –Packet sniffers and wiretappers (e.g. tcpdump) –Illicit copying of files and programs 5 A B Eavesdropper

6 CSE 486/586, Spring 2012 Attach on Integrity Tampering –Stop the flow of the message –Delay and optionally modify the message –Release the message again 6 A B Perpetrator

7 CSE 486/586, Spring 2012 Attack on Authenticity Fabrication –Unauthorized assumption of other’s identity –Generate and distribute objects under identity 7 A B Masquerader: from A

8 CSE 486/586, Spring 2012 Attack on Availability Destroy hardware (cutting fiber) or software Modify software in a subtle way Corrupt packets in transit Blatant denial of service (DoS): –Crashing the server –Overwhelm the server (use up its resource) 8 A B

9 CSE 486/586, Spring 2012 Designing Secure Systems Your system is only as secure as your weakest component! Need to make worst-case assumptions about attackers: –exposed interfaces, insecure networks, algorithms and program code available to attackers, attackers may be computationally very powerful –Tradeoff between security and performance impact/difficulty –Typically design system to withstand a known set of attacks (Attack Model or Attacker Model) It is not easy to design a secure system. And it’s an arms race! 9

10 CSE 486/586, Spring 2012 CSE 486/586 Administrivia The last class on 4/30 (Monday) –Review of the semester Project 3 out –Update –Please, please start now if you haven’t! –Deadline: 4/30 (Monday) @ 11:59PM Final –5/7 (Monday), 3:30PM - 6:30PM –Norton 112 10

11 CSE 486/586, Spring 2012 Cryptography Comes from Greek word meaning “secret” –Primitives also can provide integrity, authentication Cryptographers invent secret codes to attempt to hide messages from unauthorized observers Modern encryption: –Algorithm public, key secret and provides security –May be symmetric (secret) or asymmetric (public) Cryptographic algorithms goal –Given key, relatively easy to compute –Without key, hard to compute (invert) –“Level” of security often based on “length” of key 11 plaintext ciphertext plaintext encryptiondecryption

12 CSE 486/586, Spring 2012 Three Types of Functions Cryptographic hash Functions –Zero keys Secret-key functions –One key Public-key functions –Two keys 12

13 CSE 486/586, Spring 2012 Cryptographic Hash Functions Take message, m, of arbitrary length and produces a smaller (short) number, h(m) Properties –Easy to compute h(m) –Pre-image resistance: Hard to find an m, given h(m) »“One-way function” –Second pre-image resistance: Hard to find two values that hash to the same h(m) »E.g. discover collision: h(m) == h(m’) for m != m’ –Often assumed: output of hash fn’s “looks” random 13

14 CSE 486/586, Spring 2012 How Hard to Find Collisions? Birthday paradox –In a set of n random people, what’s the probability of two people having the same birthday? Calculation –Compute probability of different birthdays –Random sample of n people taken from k=365 days 14

15 CSE 486/586, Spring 2012 Birthday Paradox Probability of no repetition: –P = 1 – (1) (1 - 1/365) (1 – 2/365) (1 – 3/365) … (1 – (n- 1)/365) –P ≈ 1 – e -(n(n-1)/2k –For p, it takes roughly sqrt(2k * ln(1/(1-p))) people to find two people with the same birthday. With p = 50%, 15

16 CSE 486/586, Spring 2012 How Many Bits for Hash? If m bits, how many numbers do we need to find (weak) collision? –It’s not 2 m ! –It takes 2 m/2 to find weak collision –Still takes 2 m to find strong (pre-image) collision 64 bits, takes 2 32 messages to search MD5 (128 bits) considered too little SHA-1 (160 bits) getting old 16

17 CSE 486/586, Spring 2012 Example: Password Password hashing –Can’t store passwords in a file that could be read –Concerned with insider attacks! Must compare typed passwords to stored passwords –Does hash (typed) === hash (password)? Actually, a salt is often used: hash (input || salt) –Avoids precomputation of all possible hashes in “rainbow tables” (available for download from file-sharing systems) 17

18 CSE 486/586, Spring 2012 Symmetric (Secret) Key Crypto Also: “conventional / private-key / single-key” –Sender and recipient share a common key –All classical encryption algorithms are private-key –Dual use: confidentiality (encryption) or authentication/integrity (message authentication code) Was only type of encryption prior to invention of public-key in 1970’s –Most widely used –More computationally efficient than “public key” 18

19 CSE 486/586, Spring 2012 Symmetric Cipher Model 19

20 CSE 486/586, Spring 2012 Requirements Two requirements –Strong encryption algorithm –Secret key known only to sender/receiver Goal: Given key, generate 1-to-1 mapping to ciphertext that looks random if key unknown –Assume algorithm is known (no security by obscurity) –Implies secure channel to distribute key 20

21 CSE 486/586, Spring 2012 Uses Encryption –For confidentiality –Sender: Compute C = AES K (M) & Send C –Receiver: Recover M = AES’ K (C) Message Authentication Code (MAC) –For integrity –Sender: Compute H = AES K (SHA1 (M)) & Send –Receiver: Computer H’ = AES K (SHA1 (M)) & Check H’ == H 21

22 CSE 486/586, Spring 2012 Public (Asymmetric) Key Crypto Developed to address two key issues –Key distribution: secure communication without having to trust a key distribution center with your key –Digital signature: verifying that a message comes from the claimed sender without prior establishment Public invention Diffie & Hellman in 1976 –Known earlier to classified community 22

23 CSE 486/586, Spring 2012 Public (Asymmetric) Key Crypto Involves two keys –Public key: can be known to anybody, used to encrypt and verify signatures –Private key: should be known only to the recipient, used to decrypt and sign signatures Asymmetric –Can encrypt messages or verify signatures w/o ability to decrypt msgs or create signatures –If “one-way function” goes c  F(m), then public-key encryption is a “trap-door” function: »Easy to compute c  F(m) »Hard to compute m  F -1 (c) without knowing k »Easy to compute m  F -1 (c,k) by knowing k 23

24 CSE 486/586, Spring 2012 Public (Asymmetric) Key Crypto 24

25 CSE 486/586, Spring 2012 Security of Public Key Schemes Like private key schemes, brute force search possible –But keys used are too large (e.g., >= 1024 bits) Security relies on a difference in computational difficulty b/w easy and hard problems –RSA: exponentiation in composite group vs. factoring –ElGamal/DH: exponentiation vs. discrete logarithm in prime group –Hard problems are known, but computationally expensive Requires use of very large numbers –Hence is slow compared to private key schemes –RSA-1024: 80 us / encryption; 1460 us / decryption [cryptopp.com] –AES-128: 109 MB / sec = 1.2us / 1024 bits 25

26 CSE 486/586, Spring 2012 (Simple) RSA Algorithm Security due to cost of factoring large numbers –Factorization takes O(e log n log log n ) operations (hard) –Exponentiation takes O((log n) 3 ) operations (easy) To encrypt a message M the sender: –Obtain public key {e,n}; compute C = M e mod n To decrypt the ciphertext C the owner: –Use private key {d,n}; computes M = C d mod n Note that msg M must be smaller than the modulus n Otherwise, hybrid encryption: –Generate random symmetric key r –Use public key encryption to encrypt r –Use symmetric key encryption under r to encrypt M 26

27 CSE 486/586, Spring 2012 Typical Applications Secure digest –A fixed-length that characterizes an arbitrary-length message –Typically produced by cryptographic hash functions, e.g., SHA-1 or MD5. Digital signature –Verifies a message or a document is an unaltered copy of one produced by the signer –Signer: compute H = RSA K (SHA1(M)) & send –Verifier: compute H’ = SHA1(RSA K’ (H)) & verify H == H’ MAC (Message Authentication Code) –Digital signatures with secret keys –Verifies the authenticity of a message –Sender: compute H = AES K (SHA1 (M)) & send –Receiver: computer H’ = AES K (SHA1 (M)) & check H’ == H 27

28 CSE 486/586, Spring 2012 Summary Security properties –Confidentiality, authenticity, integrity, availability, non- repudiation, access control Three types of functions –Cryptographic hash, symmetric key crypto, asymmetric key crypto Applications –Secure digest, digital signature, MAC, digital certificate 28

29 CSE 486/586, Spring 2012 29 Acknowledgements These slides contain material developed and copyrighted by Indranil Gupta (UIUC), Jennifer Rexford (Princeton) and Michael Freedman (Princeton).

Download ppt "CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Security --- 1 Steve Ko Computer Sciences and Engineering University at Buffalo."

Similar presentations

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security Steve Ko Computer Sciences and Engineering University at Buffalo.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.

Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Network and Communication Security Section 8.1 - 8.3 COS 461: Computer Networks Spring 2011 Mike Freedman

Network and Communication Security Section COS 461: Computer Networks Spring 2011 Mike Freedman
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.

Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.

Similar presentations

Ads by Google